def get_instance_by_id(ec2,
instance_id,
fail_nonexisting_id=False,
fail_terminated=False):
instance = ec2.Instance(instance_id)
try:
instance.load()
except boto.ClientError as e:
if (fail_nonexisting_id
and 'InvalidInstanceID' in e.response['Error']['Code']):
# InvalidInstanceID.Malformed
# InvalidInstanceID.NotFound
raise errors.ObjectDoesNotExist(
'Instance with id {0} does not exist'.format(instance_id))
return None
# We may have successfully retrieved a terminated instance.
# We treat terminated instances as not present anymore, but again give
# the caller a choice on how to proceed.
if instance.state['Name'] == 'terminated':
# Optionally fail for callers that need non-terminated instances
if fail_terminated:
raise errors.UnexpectedStateError(
"Instance with id {0} is terminated".format(instance_id))
return None
return instance
def validate_security_group(ec2, secgroup_id, vpc_id):
if not security_group_exists(ec2, secgroup_id):
raise errors.ObjectDoesNotExist(
"Security group does not exist: {0}".format(secgroup_id))
if not security_group_in_vpc(ec2, secgroup_id, vpc_id):
raise errors.ValidationError(
"Security group {0} is not in VPC {1}.".format(
secgroup_id, vpc_id))
def validate_instance_type_reference(ec2, instance_type):
try:
ec2.meta.client.describe_instance_types(InstanceTypes=[instance_type
], )
except boto.ClientError as e:
if e.response['Error']['Code'] == 'InvalidInstanceType':
raise errors.ObjectDoesNotExist(
'Instance type {0} does not exist in your region'.format(
instance_type))
raise
def validate_az_id(ec2, availability_zone_id):
try:
ec2.meta.client.describe_availability_zones(
ZoneIds=[availability_zone_id])
except boto.ClientError as e:
code = e.response["Error"]["Code"]
if code in ("InvalidAvailabilityZone", "InvalidParameterValue"):
raise errors.ObjectDoesNotExist(
"Availability zone with id {0} does not "
"exist in your region".format(availability_zone_id))
raise
def _identify_vpc(ec2, params, fail_nonexisting_id=False):
if params["id"]:
vpc = ec2_vpc_utils.get_vpc_by_id(ec2, params["id"],
fail_nonexisting_id)
# currently we do not fallback to (name, cidr) identification
# if identification by ID fails.
if not vpc and fail_nonexisting_id:
raise errors.ObjectDoesNotExist(
"VPC with id {0} does not exist".format(params["id"]))
return vpc
return _get_vpc_by_primary_cidr_and_name(ec2, params["name"],
params["cidr"])
def validate_security_group_references(ec2, security_groups, vpc_id):
groups = ec2.security_groups.filter(
Filters=ec2_filters.from_dict({
'group-id': security_groups,
'vpc-id': vpc_id,
}))
present_groups = {group.id for group in groups}
invalid_refs = set(security_groups) - present_groups
if invalid_refs:
raise errors.ObjectDoesNotExist(
"Security groups ({0}) do not exist in {1}".format(
", ".join(sorted(invalid_refs)), vpc_id))
def validate_ami_reference(ec2, ami_id):
ami = ec2.Image(ami_id)
try:
ami.load()
except boto.ClientError as e:
if 'InvalidAMIID' in e.response['Error']['Code']:
# InvalidAMIID.Malformed
# InvalidAMIID.NotFound
# InvalidAMIID.Unavailable
raise errors.ObjectDoesNotExist(
'AMI with id {0} does not exist in your region'.format(ami_id))
raise
def get_subnet_by_id(ec2, subnet_id, fail_nonexisting_id=False):
subnet = ec2.Subnet(subnet_id)
if subnet not in ec2.subnets.filter(
Filters=ec2_filters.from_dict({
'subnet-id': subnet_id,
})):
if fail_nonexisting_id:
raise errors.ObjectDoesNotExist(
'Subnet with id {0} does not exist'.format(subnet_id))
return None
subnet.load()
return subnet
def get_network_interface_by_id(ec2, eni_id, fail_nonexisting_id=False):
eni = ec2.NetworkInterface(eni_id)
try:
eni.load()
except boto.ClientError as e:
if e.response["Error"]["Code"] in (
"InvalidNetworkInterfaceId.Malformed",
"InvalidNetworkInterfaceID.NotFound"):
if fail_nonexisting_id:
raise errors.ObjectDoesNotExist(
"A network interface with id {0} does not exist".format(
eni_id))
return None
raise
return eni
def get_internet_gateway_by_id(ec2, gateway_id, fail_nonexisting_id=False):
gateway = ec2.InternetGateway(gateway_id)
if gateway not in ec2.internet_gateways.filter(
Filters=ec2_filters.from_dict({
'internet-gateway-id': gateway_id,
})):
if fail_nonexisting_id:
raise errors.ObjectDoesNotExist(
'Internet gateway with id {0} does not exist.'.format(
gateway_id))
return None
gateway.load()
return gateway
def get_vpc_by_id(ec2, vpc_id, fail_nonexisting_id=False):
"""
Retrieves a VPC with an ID of vpc_id or optionally fails when it does not exist.
:raises errors.ObjectDoesNotExist: when a VPC with id vpc_id does not exist.
"""
vpc = ec2.Vpc(vpc_id)
try:
vpc.load()
except boto.ClientError as e:
if e.response['Error']['Code'] == 'InvalidVpcID.NotFound':
if fail_nonexisting_id:
raise errors.ObjectDoesNotExist(
'VPC with id {0} does not exist'.format(vpc_id))
return None
raise
return vpc
def get_default_vpc(ec2):
"""
Retrieves the default VPC.
:raises errors.ObjectDoesNotExist: when the default VPC does not exist.
"""
vpc_collection = ec2.vpcs.filter(
Filters=ec2_filters.from_dict(dict(isDefault='true', )))
vpcs = list(vpc_collection)
if not vpcs: # we don't have a default VPC
raise errors.ObjectDoesNotExist(
"Default VPC does not exist. Create one or pass "
"the VPC id via 'vpc' parameter.")
# we cannot have more than one default VPC per region
vpc = vpcs[0]
vpc.load()
return vpc
def get_default_subnet_for_az(ec2, availability_zone_id):
subnet_collection = ec2.subnets.filter(
Filters=ec2_filters.from_dict({
'availability-zone-id': availability_zone_id,
'default-for-az': 'true',
}))
subnets = list(subnet_collection)
if not subnets:
raise errors.ObjectDoesNotExist(
'Availability zone with id {0} does not'
' have a default subnet'.format(availability_zone_id))
# there can't be more than 1 default subnet per AZ
subnet = subnets[0]
subnet.load()
return subnet
def _get_or_create(ec2, module_params, check_mode):
vpc_id = module_params["vpc"]
changed = False
if module_params["id"]:
sg = _get_existing_secgroup_by_id(ec2, module_params["id"])
if sg is None:
raise errors.ObjectDoesNotExist(
"The security group with id '{0}' does not exist.".format(
module_params["id"]))
else:
# for non-id identification or not-found creation, we default to the default vpc
if vpc_id is None:
default_vpc = ec2_vpc_utils.get_default_vpc(ec2)
vpc_id = default_vpc.id
sg = _get_existing_secgroup_by_name_and_vpc(ec2, module_params["name"],
vpc_id)
if sg is None:
changed = True
if module_params["description"] is None:
raise errors.ValidationError("When creating a security group, "
"a description is required.")
if check_mode:
# we stop here, because we don't want to simulate all operations
# on a virtual security group if we know the result already
return changed, dict(GroupId="generated-by-aws",
VpcId=vpc_id,
GroupName=module_params["name"],
Description=module_params["description"],
Tags=[],
IpPermissions=[],
IpPermissionsEgress=[
SimpleSecurityGroupRule.
default_egress().to_boto_dict()
])
sg = ec2.create_security_group(
VpcId=vpc_id,
GroupName=module_params["name"],
Description=module_params["description"])
waiter = ec2.meta.client.get_waiter("security_group_exists")
waiter.wait(GroupIds=[sg.id])
return changed, sg
